What are people's thoughts on "secureblue", "bazzite" and other ublue images?
Link: GitHub - secureblue/secureblue: Immutable Fedora images for GNOME, KDE, Bluefin, Sway, Cinnamon, and Wayfire with some hardening applied (author: secureblue)
For those who do not know, Universal Blue, or ublue, is an ecosystem of operating system images based on Fedora Atomic Desktops. They aren't a fully fledged separate distribution, but rather customized images based on pre-existing Fedora options. Some of these include custom kernels etc. for Surface devices and Asus devices, or more extreme tweaks like Bazzite, which ports all of the Steam Deck's software to a Fedora-based image for use on a Steam Deck, ROG Ally etc.
The main interest to me is specifically secureblue, one of the community images. I have yet to see much discussion on Privacy Guides, but many of the changes do seem to be quite sensible ones. Particularly the changes to the default firewall behaviour, opportunistic DoT and DNSSEC, and the MAC address randomization (the way those are configured by default in Fedora always rubbed me the wrong way). I am also intrigued by the inclusion of GrapheneOS' hardened malloc, but also a little concerned with compatibility. I am just curious whether anyone here who is more knowledgeable, or has tried using secureblue or any other ublue images, has any further thoughts on them? I find the concept rather exciting, as it allows people to create much more opinionated images without having to create yet another distro that lacks 'relevancy'.
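The post above names opportunistic DoT and DNSSEC as two of the resolver changes it likes. The following is an added example, not code from the thread or from the secureblue project: a small POSIX sh audit that reads a systemd-resolved configuration and reports whether those two options are set to hardened values, run against two constructed sample files (a weak one and a hardened drop-in). The key names `DNSOverTLS` and `DNSSEC` are the real resolved.conf(5) options; the sample contents are constructed and are not a claim about what any distro or secureblue ships.

```shell
#!/bin/sh
# Added example (not from the thread or from secureblue): audit a
# systemd-resolved config for opportunistic DNS-over-TLS and DNSSEC.

# Effective value of a key in a resolved.conf-style file: last
# uncommented assignment wins; prints nothing if the key is unset.
conf_value() {
    # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Returns 0 if the file enables at least opportunistic DoT and DNSSEC
# (allow-downgrade or yes), 1 otherwise; prints one verdict per key.
audit_resolved_conf() {
    file="$1"; ok=0
    dot=$(conf_value "$file" DNSOverTLS)
    sec=$(conf_value "$file" DNSSEC)
    case "$dot" in
        yes|opportunistic) echo "DNSOverTLS=$dot: ok" ;;
        *) echo "DNSOverTLS='${dot:-unset}': plaintext DNS allowed"; ok=1 ;;
    esac
    case "$sec" in
        yes|allow-downgrade) echo "DNSSEC=$sec: ok" ;;
        *) echo "DNSSEC='${sec:-unset}': no validation"; ok=1 ;;
    esac
    return $ok
}

# Constructed sample: both features off (commented-out key counts as unset).
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
[Resolve]
#DNSSEC=no
DNSOverTLS=no
EOF

# Constructed sample: a hardened drop-in of the kind a user would place
# under /etc/systemd/resolved.conf.d/ to get opportunistic DoT and DNSSEC.
HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
[Resolve]
DNSOverTLS=opportunistic
DNSSEC=allow-downgrade
EOF
```

On a running system the same two flags can be confirmed from `resolvectl status`, which lists `+DNSOverTLS` and `+DNSSEC` among the link flags when they are active.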
Seems neat. Though I worry that the "containerize all the things!" workflow would be tiring after a while for advanced users that aren't IT professionals. Flatpaks are nice for user apps, but when starting a new coding project or making a little script, you now have the added overhead of having to define, build, and deploy a dev environment for it to run inside.
I don't know about you, but dealing with the tooling required to reach a first build is already enough of a pain point to kill the enthusiasm I have for some ideas I want to explore.
Apparently the recommendation for development is to use a program like toolbox or distrobox to launch containers to work in. Then you can be as messy as you like, and possibly start from custom containers with dev environments pre-installed.
Haven't looked into the security aspect, but I can't talk enough about how much better immutable operating systems are compared to the old style. NixOS is exactly what I've always wanted, and I am excited to try out immutable Fedora images (considering before Nix, Fedora was my favorite daily driver OS).